Fortinet black logo

CLI Reference

system dns

Configure DNS.

  config system dns
      Description: Configure DNS.
      set primary {ipv4-address}
      set secondary {ipv4-address}
      set dns-over-tls [disable|enable|...]
      set ssl-certificate {string}
      set server-hostname <hostname1>, <hostname2>, ...
      set domain <domain1>, <domain2>, ...
      set ip6-primary {ipv6-address}
      set ip6-secondary {ipv6-address}
      set timeout {integer}
      set retry {integer}
      set dns-cache-limit {integer}
      set dns-cache-ttl {integer}
      set cache-notfound-responses [disable|enable]
      set source-ip {ipv4-address}
  end

config system dns

Parameter Name Description Type Size
primary Primary DNS server IP address. ipv4-address Not Specified
secondary Secondary DNS server IP address. ipv4-address Not Specified
dns-over-tls Enable/disable/enforce DNS over TLS.
disable: Disable DNS over TLS.
enable: Use TLS for DNS queries if TLS is available.
enforce: Use only TLS for DNS queries. Does not fall back to unencrypted DNS queries if TLS is unavailable.
option -
ssl-certificate Name of local certificate for SSL connections. string Maximum length: 35
server-hostname <hostname> DNS server host name list.
DNS server host name list separated by space (maximum 4 domains).
string Maximum length: 127
domain <domain> Search suffix list for hostname lookup.
DNS search domain list separated by space (maximum 8 domains).
string Maximum length: 127
ip6-primary Primary DNS server IPv6 address. ipv6-address Not Specified
ip6-secondary Secondary DNS server IPv6 address. ipv6-address Not Specified
timeout DNS query timeout interval in seconds (1 - 10). integer Minimum value: 1 Maximum value: 10
retry Number of times to retry (0 - 5). integer Minimum value: 0 Maximum value: 5
dns-cache-limit Maximum number of records in the DNS cache. integer Minimum value: 0 Maximum value: 4294967295
dns-cache-ttl Duration in seconds that the DNS cache retains information. integer Minimum value: 60 Maximum value: 86400
cache-notfound-responses Enable/disable response from the DNS server when a record is not in cache.
disable: Disable cache NOTFOUND responses from DNS server.
enable: Enable cache NOTFOUND responses from DNS server.
option -
source-ip IP address used by the DNS server as its source IP. ipv4-address Not Specified

Configure DNS.

  config system dns
      Description: Configure DNS.
      set primary {ipv4-address}
      set secondary {ipv4-address}
      set dns-over-tls [disable|enable|...]
      set ssl-certificate {string}
      set server-hostname <hostname1>, <hostname2>, ...
      set domain <domain1>, <domain2>, ...
      set ip6-primary {ipv6-address}
      set ip6-secondary {ipv6-address}
      set timeout {integer}
      set retry {integer}
      set dns-cache-limit {integer}
      set dns-cache-ttl {integer}
      set cache-notfound-responses [disable|enable]
      set source-ip {ipv4-address}
  end

config system dns

Parameter Name Description Type Size
primary Primary DNS server IP address. ipv4-address Not Specified
secondary Secondary DNS server IP address. ipv4-address Not Specified
dns-over-tls Enable/disable/enforce DNS over TLS.
disable: Disable DNS over TLS.
enable: Use TLS for DNS queries if TLS is available.
enforce: Use only TLS for DNS queries. Does not fall back to unencrypted DNS queries if TLS is unavailable.
option -
ssl-certificate Name of local certificate for SSL connections. string Maximum length: 35
server-hostname <hostname> DNS server host name list.
DNS server host name list separated by space (maximum 4 domains).
string Maximum length: 127
domain <domain> Search suffix list for hostname lookup.
DNS search domain list separated by space (maximum 8 domains).
string Maximum length: 127
ip6-primary Primary DNS server IPv6 address. ipv6-address Not Specified
ip6-secondary Secondary DNS server IPv6 address. ipv6-address Not Specified
timeout DNS query timeout interval in seconds (1 - 10). integer Minimum value: 1 Maximum value: 10
retry Number of times to retry (0 - 5). integer Minimum value: 0 Maximum value: 5
dns-cache-limit Maximum number of records in the DNS cache. integer Minimum value: 0 Maximum value: 4294967295
dns-cache-ttl Duration in seconds that the DNS cache retains information. integer Minimum value: 60 Maximum value: 86400
cache-notfound-responses Enable/disable response from the DNS server when a record is not in cache.
disable: Disable cache NOTFOUND responses from DNS server.
enable: Enable cache NOTFOUND responses from DNS server.
option -
source-ip IP address used by the DNS server as its source IP. ipv4-address Not Specified